Hello everyone, This is my first writeup about the bug that I found on Facebook back on 3/1/2018.
So, I wasn’t interested in Facebook bug bounty program for a while since I was so busy with my highschool exams back in 2018, I just wanted to collect some information about some users, and to know the methods to do that.
However, I started to copy the usernames of some users and to move to the login page, then trying to do forget password and click I have no access to my email.
So I get after that in some users an option to try to recover the account using my trusted friends!
Okay so for example when I try that it sends me to this page :
and it asks me to enter the names for 3 trusted friends.
so without sending the request to the burp suite, without thinking too much, I said ntplr=0 hmm?
Let’s try to put 1 so it will be ntplr=1 😀
guess what? yeah, it worked I can see the trusted friends now for an account in the Facebook, even if the account doesn’t use the trusted friends feature I’m able to see the most 5 friends the user talk to them using the messenger.
so I was like :
So as you can see in this screenshot, the GET parameter [ntplr] was vulnerable!, if you set it to 1 it will disclosure the target information for you, and I was able to write an exploit tool using python to retrieve any user trusted friends for me just by entering the user id, and it’s doing that just by replacing the user id in the session.
I have rewarded a bounty of 1500$ and my name in the Facebook hall of fame for 2018.
So, my advice to you here, don’t give up, don’t listen to anyone that could frustrate your spirits, Always focus the smallest things here might matter for you .. I found this bug in 15 minutes only, you might say, whoa what the hick, how lucky this guy is! well guess what even if you’re lucky the vulnerability will not popup by itself to you while you’re playing or not trying, you’ll find it while you’re trying so here it’s not luck .. It’s just you trying your best.
so as I always say:
surmount the peak
Thanks for reading 😀 .. if you have any question do not hesitate to ask me on Facebook
With kind Regards.